Canti

Foto Bucket Bypass

228 posts in this topic

I've been building an AJAX based framework around the XML results given back by the "secret url" for hours, and you guys tell me there is just a password bypass?

:blowfuse: :cuss: :yell: :pissed: :growl:


heh, yes, this address bar exploit sounds interesting :P


this is all out of control. i tried the script as well. blank for me as well. bloody hell.

come on you reds!


Wow this thread needs to just be closed until people stop showing up from google.

"Please I'm a moron hold my hand I'm so clueless..."

No we will not fill you in on the URL exploit. Maybe if you put in an actual effort to find it yourself one of us might consider helping you out. But most people aren't in the business of holding little kids' hands.

"Give a man a fish and he eats for a day. Teach a man to fish and he eats for life."

If the script doesn't work try another host.


> Wow this thread needs to just be closed until people stop showing up from google.
>
> "Please I'm a moron hold my hand I'm so clueless..."
>
> No we will not fill you in on the URL exploit. Maybe if you put in an actual effort to find it yourself one of us might consider helping you out. But most people aren't in the business of holding little kids' hands.
>
> "Give a man a fish and he eats for a day. Teach a man to fish and he eats for life."
>
> If the script doesn't work try another host.

i have put in some effort. asking on this forum was a last ditch effort. i have been looking for over a week trying different things. i thought the reason for these forums was for people to share things and ask questions. if you don't want people to know what you have found, then don't post a message saying that you know how to do something. its human nature to want to ask questions. thats the only way that you are going to find out.


I FUND THIS THRED IN GEWGL AND I WILL H345X YOUR MOMZ CUZ LAWL IT TELL ME HOW TO HAX THIS KKKKLOLHAHEHHRHAHA E- IN TEH DIGITL HAIGHWEY MAI NEIM IS NIO AND I AM HERO

LULZKBAI TELLMEO R IL H4AX YUOJ ALL KTHNX BAI!!!!!!!!!

and urm:

"i have put in some effort. asking on this forum was a last ditch effort. i have been looking for over a week trying different things. i thought the reason for these forums was for people to share things and ask questions. if you don't want people to know what you have found, then don't post a message saying that you know how to do something. its human nature to want to ask questions. thats the only way that you are going to find out."

i have many questions, and look around google and the last thing i do is ask in here... but when i ask, i dont even expect anything to be served to me. what i get most of the times, and im glad i do, is more questions that I should be asking MYSELF and finding the answer to those questions in order to have the tools to answer the original urge i had, and be able to avoid having to ask once and again everytime i advance one line in what im doing, and get stuck cause i got the response served in a silver dish.

maybe thats what you should ask, what do i do in order to do this ;p

/spam

Edited by Enkil

> I FUND THIS THRED IN GEWGL AND I WILL H345X YOUR MOMZ CUZ LAWL IT TELL ME HOW TO HAX THIS KKKKLOLHAHEHHRHAHA E- IN TEH DIGITL HAIGHWEY MAI NEIM IS NIO AND I AM HERO
>
> LULZKBAI TELLMEO R IL H4AX YUOJ ALL KTHNX BAI!!!!!!!!!
>
> and urm:
>
> "i have put in some effort. asking on this forum was a last ditch effort. i have been looking for over a week trying different things. i thought the reason for these forums was for people to share things and ask questions. if you don't want people to know what you have found, then don't post a message saying that you know how to do something. its human nature to want to ask questions. thats the only way that you are going to find out."
>
> i have many questions, and look around google and the last thing i do is ask in here... but when i ask, i dont even expect anything to be served to me. what i get most of the times, and im glad i do, is more questions that I should be asking MYSELF and finding the answer to those questions in order to have the tools to answer the original urge i had, and be able to avoid having to ask once and again everytime i advance one line in what im doing, and get stuck cause i got the response served in a silver dish.
>
> maybe thats what you should ask, what do i do in order to do this ;p
>
> /spam

thats the thing, i have no idea what questions i should be asking. i mean i have read as much as i can about the xss exploits, the address bar exploits the read only exploits that somehow magically appear. i am at a loss as where to go from here, thus the questions. i dont mind looking around for stuff, like i said i have been for the last week. google doesn't show this thread, i stumbled upon it looking for the answers to the questions that i have been asking. where do i go from here???

Edited by blh1976

yeah if anyone could at least help me with how to find this(or any!) address bar exploit it'd be appreciated. i don't necessarily need to know this one, but how to actually find these would be cool; seems like it'd be a way to help people out without spoonfeeding it to them right?


> yeah if anyone could at least help me with how to find this(or any!) address bar exploit it'd be appreciated. i don't necessarily need to know this one, but how to actually find these would be cool; seems like it'd be a way to help people out without spoonfeeding it to them right?

you dont need the exploit at all. learn towards the exploit, and youll see youll end up learning a shitload more than you originally needed and actually wanted. thats what i meant, not "point me to the next exploit"

<_< i dont flame, i know sometimes i realize im so focused in doing something that i get the lil kid attitude and just focus on that.

me: damn i want to drive a ferrari f1

people: yea, learn to drive cars first

me: ok, maybe not the ferrari, but a mercedes f1

people: dude, LEARN TO DRIVE

me: yes yes but a f1 car

people: DIE BASTARD DIE

me: ow my larynx

something like that, you get the idea


yeah i totally get what you're saying. just sometimes, even not necessarily this case, at least for me i learn best by example; like if i see something done and am told how, it's easier to learn than just a lot of technical stuff with no frame of reference. i'm pretty new to this whole thing and it's just kinda hard to know where to begin; it just seems so daunting at first. sorry if anything came off as begging for immediate results or anything.


I've been using my AJAX framework for some time and I thought I'd let ya'll know what you are missing ;).

It consists of 2 files: framework.html and parser.php.

The code for parser.php is quite simple, all it does is transfer the data from the 'secret' url so AJAX can call it on the same Domain.

<?
//parser.php
header('Content-type: text/xml'); //needed so responseXML can use it
echo file_get_contents("http://SECRET/URL".$_GET['user']); //XML format
?>

I'm still updating the code, for example I want the thumbnails to always be a 3x4 grid where you can choose next or previous and also I would like to limit the full pics to 10 at a time.

post-4947-1160413688_thumb.jpg

post-4947-1160413755_thumb.jpg

post-4947-1160413770_thumb.jpg

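The thread describes a "secret" URL that hands back an account's album data as XML to anyone who requests it. As an added example (not code from any poster or from the photo host; the album store, function names and sample accounts are hypothetical), this PHP applies one authorization check to the XML feed as well as the album page, so knowing the URL is not enough to read a private album:

```php
<?php
// Added example. Hypothetical names and constructed sample data throughout.
$albums = [
    'alice' => ['private' => false, 'pw_hash' => null, 'files' => ['cat.jpg']],
    'bob'   => ['private' => true,
                'pw_hash' => password_hash('guest-pass', PASSWORD_DEFAULT),
                'files'   => ['party.jpg', 'a&b <draft>.jpg']],
];

// One authorization decision, shared by every representation of an album
// (HTML page, XML feed, thumbnails), so no data URL can skip the password.
function may_view(array $album, string $owner, ?string $sessionUser, ?string $guestPw): bool
{
    if (!$album['private'] || $sessionUser === $owner) {
        return true;                       // public album, or its logged-in owner
    }
    return $guestPw !== null && password_verify($guestPw, $album['pw_hash']);
}

// Returns [HTTP status, XML body]. Unknown and unauthorized albums get the
// same answer, so the feed does not confirm that a private album exists.
function album_feed(array $albums, string $owner, ?string $sessionUser, ?string $guestPw): array
{
    $album = $albums[$owner] ?? null;
    if ($album === null || !may_view($album, $owner, $sessionUser, $guestPw)) {
        return [404, '<error>not found</error>'];
    }
    $doc  = new DOMDocument('1.0', 'UTF-8');
    $root = $doc->appendChild($doc->createElement('album'));
    $root->setAttribute('owner', $owner);
    foreach ($album['files'] as $file) {
        // createTextNode escapes &, < and > in file names.
        $root->appendChild($doc->createElement('photo'))
             ->appendChild($doc->createTextNode($file));
    }
    return [200, $doc->saveXML()];
}

// Constructed requests: a public album, then the private one requested
// anonymously, with a wrong password, with the right one, and by its owner.
$requests = [['alice', null, null], ['bob', null, null], ['bob', null, 'wrong'],
             ['bob', null, 'guest-pass'], ['bob', 'bob', null]];
foreach ($requests as [$owner, $user, $pw]) {
    [$status] = album_feed($albums, $owner, $user, $pw);
    printf("%-5s user=%-4s pw=%-10s -> %d\n", $owner, $user ?? '-', $pw ?? '-', $status);
}
```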

Very cool. I was thinking about building something like it but haven't had time to.

> I've been using my AJAX framework for some time and I thought I'd let ya'll know what you are missing ;).
>
> It consists of 2 files: framework.html and parser.php.
>
> The code for parser.php is quite simple, all it does is transfer the data from the 'secret' url so AJAX can call it on the same Domain.
>
> <?
> //parser.php
> header('Content-type: text/xml'); //needed so responseXML can use it
> echo file_get_contents("http://SECRET/URL".$_GET['user']); //XML format
> ?>
>
> I'm still updating the code, for example I want the thumbnails to always be a 3x4 grid where you can choose next or previous and also I would like to limit the full pics to 10 at a time.


> Very cool. I was thinking about building something like it but haven't had time to.
>
> I've been using my AJAX framework for some time and I thought I'd let ya'll know what you are missing ;).
>
> It consists of 2 files: framework.html and parser.php.
>
> The code for parser.php is quite simple, all it does is transfer the data from the 'secret' url so AJAX can call it on the same Domain.
>
> <?
> //parser.php
> header('Content-type: text/xml'); //needed so responseXML can use it
> echo file_get_contents("http://SECRET/URL".$_GET['user']); //XML format
> ?>
>
> I'm still updating the code, for example I want the thumbnails to always be a 3x4 grid where you can choose next or previous and also I would like to limit the full pics to 10 at a time.

canti, would you mind sending me the php script again? someone had sent it to me the first time i asked, but i retardedly deleted the pm...i still remember *part* of the secret url, so its not like im just pulling this out of my ass.


> I've been using my AJAX framework for some time and I thought I'd let ya'll know what you are missing ;).
>
> It consists of 2 files: framework.html and parser.php.
>
> The code for parser.php is quite simple, all it does is transfer the data from the 'secret' url so AJAX can call it on the same Domain.
>
> <?
> //parser.php
> header('Content-type: text/xml'); //needed so responseXML can use it
> echo file_get_contents("http://SECRET/URL".$_GET['user']); //XML format
> ?>
>
> I'm still updating the code, for example I want the thumbnails to always be a 3x4 grid where you can choose next or previous and also I would like to limit the full pics to 10 at a time.

I'm confused...those aren't the pictures that I uploaded. :huh:


Hmmm I understand most of the script, but what exactly goes in the hex part? That's the only thing thats confusing me.

Edited by Waffles

> I'm confused...those aren't the pictures that I uploaded. :huh:

That's because it's not your account (which is binrevtest), i made my own called 'binrevexample' ;)

I needed more pics to demonstrate the scrollbar in the div and folders.

This is yours ;)

post-4947-1160426535_thumb.jpg

Edited by DanielG

> I've been using my AJAX framework for some time and I thought I'd let ya'll know what you are missing ;).
>
> It consists of 2 files: framework.html and parser.php.
>
> The code for parser.php is quite simple, all it does is transfer the data from the 'secret' url so AJAX can call it on the same Domain.
>
> <?
> //parser.php
> header('Content-type: text/xml'); //needed so responseXML can use it
> echo file_get_contents("http://SECRET/URL".$_GET['user']); //XML format
> ?>
>
> I'm still updating the code, for example I want the thumbnails to always be a 3x4 grid where you can choose next or previous and also I would like to limit the full pics to 10 at a time.

That is looking very nifty :) Also, how about some code that will tell you if said album is marked private (meaning: I am working on something and might finish it if I get the time and you're welcome to use it)


> I'm confused...those aren't the pictures that I uploaded. :huh:
>
> That's because it's not your account (which is binrevtest), i made my own called 'binrevexample' ;)
>
> I needed more pics to demonstrate the scrollbar in the div and folders.
>
> This is yours ;)

Confirmed. Those *are* the 3 pictures that I uploaded. ;)


> That is looking very nifty :) Also, how about some code that will tell you if said album is marked private (meaning: I am working on something and might finish it if I get the time and you're welcome to use it)

I could do that with the PHP, but if you have a faster/client side way i'd love to know.


> That is looking very nifty :) Also, how about some code that will tell you if said album is marked private (meaning: I am working on something and might finish it if I get the time and you're welcome to use it)
>
> I could do that with the PHP, but if you have a faster/client side way i'd love to know.

No, it's in PHP.. but I think I could turn it into a clientside piece.


hey, i'm fairly new to PHP but i have been working on this for about a day now and i can't get anything but the blank screen. i think i have basically 3 questions and hopefully someone will realize that i'm new to this and give me some good advice....

1. if i'm using Canti's script last edited yesterday, do i NEED to use a hexed url or can i use ascii provided i don't post the script anywhere?

2. If the answer is that i need to use hex, is there a specific hex url format i should be using (ie. http://0xHEX.0xHEX.0xHEX.0xHEX or can i just use http://0xHEXHEXHEXHEX)?

3. when i'm editing the url for the script (and i know this is obvious, but i really don't know), should i be using a url for the overall domain or should i be using a url specific to the user's account?

4. bonus question: anyone want to PM me the address bar url and be my hero of the day? Haha! i had to try...

thanks everybody! stay pimpin. :morpheus:


welp looks like that url exploit is done.. anyone got anything else?
